In the Claims

1. (Original) A method of developing an access control list,
comprising:

developing an enhanced access control list including data
related to at least one of user names, DNS names, Windows
domain names, and physical addresses;

converting at least one of,

user names into corresponding IP and physical
addresses according to data in the enhanced access control
list;

DNS names into corresponding IP addresses according
to data in the enhanced access control list; and

physical addresses into IP addresses according to
data in the enhanced access control list; and

developing the access control list from each of the
operations of converting.

2. (Original) The method of claim 1 further comprising
storing the user names and corresponding IP addresses in a
mapping state database that defines current relationships
among user names, DNS names, domain names, and physical
addresses.

3. (Original) The method of claim 1 wherein each physical 
address comprises a MAC address. 

4. (Currently amended) The method of claim 1 wherein
converting user names into corresponding IP and physical
addresses according to data in the enhanced access control
list comprises:

detecting 802.1x login packets being communicated over
the network;

determining a MAC address from the 802.1x login packets;

detecting server message block login packets being
communicated over the network; and

determining an IP address from the server message block
login packets; and

developing records in the access control list using the
obtained IP address for the respective user name.


5. (Original) The method of claim 1 wherein converting DNS
names into corresponding IP addresses according to data in the
enhanced access control list comprises:

detecting packets having an unknown source IP address;

generating a DNS name query using the source IP address;

receiving a DNS name associated with the IP address
responsive to the query; and

developing records in the access control list using the
obtained IP address for the respective DNS name.


6. (Original) The method of claim 5 further comprising 
occasionally generating new DNS name queries for the source IP 
address and thereafter repeating the operations of receiving 
and developing to update the access control list.


7. (Original) The method of claim 5 further comprising 
occasionally receiving the DNS name associated with the IP 
address and thereafter repeating the operation of developing 
to update the access control list. 

8. (Original) The method of claim 1 wherein converting
physical addresses into IP addresses according to data in the
enhanced access control list comprises:

monitoring DHCP packets communicated over the network;

obtaining an IP address assigned to a particular physical
address from the monitored DHCP packets; and

developing records in the access control list using the
obtained IP address assigned to a respective physical address.

9. (Original) A method of controlling access of a user to a
network including a plurality of hosts coupled together
through a network switch, the method comprising:

storing in the network switch an enhanced access control
list containing data related to at least one of user names,
DNS names, Windows domain names, and physical addresses; and

generating a dynamic access control list from the
enhanced access control list, the dynamic access control list
containing a plurality of IP addresses that restrict access of
the user to the network.


10. (Currently amended) The method of claim 9 wherein
generating the dynamic access control list comprises:

mapping user names to IP addresses;

mapping user names to physical addresses;

mapping physical addresses to IP addresses;

mapping unknown IP addresses to physical addresses; and

mapping unknown IP addresses to DNS names; and

applying rules set forth in the enhanced access control
list relating to controlling access of a user to the addresses
determined by the operations of mapping to generate the access
control list.


11. (Original) The method of claim 10 wherein the physical
addresses comprise MAC addresses.

12. (Original) The method of claim 10 wherein mapping user 
names to IP addresses comprises: 

detecting server message block login packets being 
communicated over the network; and

determining an IP address from the server message block 
login packets. 

13. (Currently amended) The method of claim 10 wherein
mapping user names to physical addresses comprises:

detecting 802.1x login packets being communicated over
the network; and

determining a MAC address from the 802.1x login packets.

14. (Original) The method of claim 10 wherein mapping unknown
IP addresses to DNS names comprises:

detecting packets having an unknown source IP address;

generating a DNS name query using the source IP address;
and

receiving a DNS name associated with the IP address
responsive to the query.

15. (Original) The method of claim 14 further comprising 
occasionally generating new DNS name queries for the source IP 
address and thereafter repeating the operations of generating 
and receiving. 

16. (Original) The method of claim 10 wherein mapping unknown
IP addresses to physical addresses comprises detecting packets
having an unknown source IP address.

17. (Currently amended) The method of claim 10 wherein
mapping physical addresses to IP addresses comprises:

monitoring DHCP packets communicated over the network;
and

obtaining an IP address assigned to a particular physical
address from the monitored DHCP packets.

18. (Original) A network switching circuit, comprising:

a forwarding circuit operable to detect specific received
packets and to provide the specific packets on a processor
port, and further operable to receive packets on one of a
plurality of ports including the processor port and to forward
each received packet to a port corresponding to a destination
address contained in the packet subject to access restrictions
contained in a dynamic access control list;

a memory circuit coupled to the forwarding circuit, the
memory circuit operable to store packets and operable to store
an enhanced access control list and a dynamic access control
list; and

a processor coupled to the forwarding circuit and to the
memory circuit, the processor operable to define the specific
packets detected by the forwarding circuit and operable to
process the specific packets stored in the memory circuit
using the enhanced access control list to generate the dynamic
access control list and store the dynamic access control list
in the memory circuit, and further operable to provide the
specific packets to the processor port of the forwarding
circuit after processing the packets.

19. (Original) The network switch of claim 18 wherein the 
processor further comprises a direct memory access controller 
coupled between the forwarding engine and the memory. 

20. (Original) The network switch of claim 18 wherein the
switch comprises an Ethernet switch and wherein the packets
comprise Ethernet packets.

21. (Original) The network switch of claim 18 wherein the 
enhanced access control list comprises user names, DNS names, 
Windows domain names, and physical addresses.



Appl. No. 10/822,048 

22. (Original) A computer network, comprising:

a network switch, including,

a forwarding circuit operable to detect specific
received packets and to provide the specific packets on a
processor port, and further operable to receive packets
on one of a plurality of ports including the processor
port and to forward each received packet to a port
corresponding to a destination address contained in the
packet subject to access restrictions contained in a
dynamic access control list;

a memory circuit coupled to the forwarding circuit,
the memory circuit operable to store packets and operable
to store an enhanced access control list and a dynamic
access control list; and

a processor coupled to the forwarding circuit and to
the memory circuit, the processor operable to define the
specific packets detected by the forwarding circuit and
operable to process the specific packets stored in the
memory circuit using the enhanced access control list to
generate the dynamic access control list and store the
dynamic access control list in the memory circuit, and
further operable to provide the specific packets to the
processor port of the forwarding circuit after processing
the packets; and

a plurality of hosts, each host coupled to a respective
port of the network switch.


23. (Original) The computer network of claim 22 wherein at 
least some of the hosts comprise personal computer systems. 


24. (Original) The computer network of claim 22 wherein the
network comprises an Ethernet network, and wherein the switch
comprises an Ethernet switch and the packets comprise Ethernet
packets.

25. (Original) The computer network of claim 22 wherein the 
enhanced access control list comprises user names, DNS names, 
Windows domain names, and physical addresses. 
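
The mapping state database of claim 2 and the mapping-and-expansion steps of claims 9 and 10, sketched as an added Python example that is not part of the application. The event kinds, the (action, kind, name) rule format, first-rule-wins ordering and all names and addresses are assumptions made for illustration; the sketch also drops a DHCP binding when the same IP address is leased to a different MAC address, so a stale mapping does not carry a rule over to a new host.

```python
class MappingState:
    """Mapping state database: current bindings learned from observed packets."""
    def __init__(self):
        # smb: user -> IP, dot1x: user -> MAC, dhcp: MAC -> IP, dns: IP -> DNS name
        self.tables = {"smb": {}, "dot1x": {}, "dhcp": {}, "dns": {}}

    def observe(self, kind, key, value):
        key, value = key.lower(), value.lower()
        leases = self.tables["dhcp"]
        if kind == "dhcp":
            # An IP leased to a new MAC must stop resolving to the old one.
            for mac in [m for m, ip in leases.items() if ip == value]:
                del leases[mac]
        self.tables[kind][key] = value

def resolve(state, kind, name):
    """IP addresses that an enhanced-ACL identity maps to right now."""
    t, name = state.tables, name.lower()
    if kind == "user":
        mac = t["dot1x"].get(name)
        return {t["smb"].get(name), t["dhcp"].get(mac)} - {None}
    if kind == "mac":
        return {t["dhcp"].get(name)} - {None}
    return {ip for ip, host in t["dns"].items() if host == name}  # kind == "dns"

def build_dynamic_acl(enhanced_acl, state):
    """Expand (action, kind, name) rules into ordered (action, ip) entries."""
    acl = []
    for action, kind, name in enhanced_acl:
        for ip in sorted(resolve(state, kind, name)):
            if all(ip != seen for _, seen in acl):  # assumption: first rule wins
                acl.append((action, ip))
    return acl

# Constructed sample data (documentation address ranges, made-up names).
ENHANCED_ACL = [("deny", "user", "alice"), ("permit", "mac", "00:00:5e:00:53:02"),
                ("deny", "dns", "kiosk.example.com")]
EVENTS = [("smb", "Alice", "192.0.2.10"), ("dot1x", "alice", "00:00:5E:00:53:01"),
          ("dhcp", "00:00:5e:00:53:01", "192.0.2.11"),
          ("dhcp", "00:00:5e:00:53:02", "192.0.2.20"),
          ("dns", "192.0.2.30", "kiosk.example.com")]

def demo():
    state = MappingState()
    for event in EVENTS:
        state.observe(*event)
    before = build_dynamic_acl(ENHANCED_ACL, state)
    state.observe("dhcp", "00:00:5e:00:53:03", "192.0.2.20")  # lease moves to new MAC
    return before, build_dynamic_acl(ENHANCED_ACL, state)
```

An identity with no current binding expands to no entries, so what such traffic is allowed to do depends on the switch's default action, which the claims do not specify.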